OpenSSH on Windows, ssh cannot |bind()| localport to port < 1023

Corinna Vinschen vinschen at redhat.com
Fri Nov 24 03:26:38 AEDT 2023


On Nov 13 00:20, Cedric Blancher wrote:
> On Sat, 11 Nov 2023 at 14:26, Roland Mainz <roland.mainz at nrubsig.org> wrote:
> >
> > Hi!
> >
> > ----
> >
> > I'm doing some testing with the ssh client OpenSSH on Windows 10
> > (10.0-19045) but due to firewall restrictions I need to run my
> > experiments from a local port < 1024 (not negotiable).
> >
> > I thought that this was no problem... but ssh |bind()| fails with
> > "address in use" (yes, I checked netstat, no one is there) for any
> > port < 1023.

How do you do that?  ssh -D?

> > Then I checked $ netstat # and $ netsh int ipv4 show excludedportrange
> > protocol=tcp # and the same for IPv6, no one is using ports.
> >
> > This *feels* like the "restricted port range" (1-1023) on UNIX/Linux,
> > where only "root" can do a |bind()| with a local port < 1023, but this
> > is Windows, and even as "Administrator" this still fails.
> > https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang
> > talks about a "... well-known ports that are used by services and
> > applications...", but I do not know where to set that (for a Cygwin
> > process).

This is about dynamic port binding, not about using a port below
1025 statically.  The ports below 1025 are not available for
dynamic port binding, not even as a setting.  But that's not what
you're trying to do anyway.

> > Does anyone know what is going on ? Is there a way around this ?
> 
> How can Windows sshd bind() to port 22? How do they do that, and maybe
> that is a solution?

It just works.

There is no admin-only restriction on Windows for ports < 1024 either.

If the sshd_config file and the ssh hostkeys under /etc belong to your
own non-admin account, you can simply run sshd on port 22 just for
yourself on the commandline (/usr/sbin/sshd -D) and login to your own
account from another commandline.

From what you tell, you have a local problem on your machine.  It has
nothing to do with the implementation of OpenSSH, nor with port range
permissions on Windows.  I'd blame the firewall.


Corinna
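
An added example, not part of the original message or of OpenSSH: a small Python probe that calls bind() on a local TCP port outside of ssh and reports whether the result is "address in use", "permission denied" or another error, which helps separate a local machine problem from an ssh one. The function names and the default port list are assumptions made for illustration.

```python
import errno
import socket
import sys


def probe_bind(port, host="127.0.0.1", family=socket.AF_INET):
    """Try to bind a TCP socket to (host, port).

    Returns (status, detail), where status is one of
    "ok", "in_use", "denied" or "error".
    """
    sock = socket.socket(family, socket.SOCK_STREAM)
    try:
        # SO_REUSEADDR is deliberately not set: we want the plain
        # bind() result, the same call the thread reports as failing.
        sock.bind((host, port))
    except PermissionError as exc:
        # EACCES/EPERM: the OS refused the port for this account.
        return "denied", f"errno={exc.errno}: {exc}"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            # Another socket already holds this address/port.
            return "in_use", f"errno={exc.errno}: {exc}"
        return "error", f"errno={exc.errno}: {exc}"
    else:
        return "ok", "bound to %s:%d" % sock.getsockname()[:2]
    finally:
        sock.close()


def probe_range(ports, host="127.0.0.1"):
    """Probe several ports and return {port: (status, detail)}."""
    return {port: probe_bind(port, host) for port in ports}


if __name__ == "__main__":
    # Constructed default list: ports on both sides of the 1024 boundary.
    ports = [int(arg) for arg in sys.argv[1:]] or [22, 1022, 1023, 1024, 1025]
    for port, (status, detail) in probe_range(ports).items():
        print(f"{port:5d}  {status:7s}  {detail}")
```

If every low port reports the same status here as it does under ssh, the failure is not specific to ssh.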


